On Thu, 10 Nov 2022 14:51:54 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/x509/AlgorithmId.java line 177:
>>
>>> 175: // If still not initialized. Let the IOE be thrown.
>>> 176: }
>>> 177:
>>
>> This could be a risk change if the caller was not coded like what you do in
>> the EncryptedPrivateKeyInfo.java update. Did you have a chance to check
>> all caller codes and make sure it is a safe update.
>
> I double checked again. In all other cases, the params is either explicitly
> initialized right before the call, or it's retrieved from an initialized
> signature/cipher or another `AlgorithmId`. There is only one case that does
> not have an origin but the method is not called anywhere. I'll remove that
> method in my next commit.
Nit on line 168, remove space before "(".
-------------
PR: https://git.openjdk.org/jdk/pull/11067
